Certified in Risk and Information Systems Control (CRISC) — Question 200

An IT license audit has revealed that there are several unlicensed copies of commercial applications installed on company laptops. The risk practitioner's BEST course of action would be to:

Answer options

• A. immediately uninstall the unlicensed software from the laptops.
• B. procure the requisite licenses for the software to minimize business impact.
• C. report the issue to management so appropriate action can be taken.
• D. centralize administration rights on laptops so that installations are controlled.

Correct answer: C

Explanation

The best course of action is to report the issue to management so they can take the appropriate steps, as they are in a position to make decisions regarding licensing and compliance. Uninstalling the software (A) might disrupt business operations, while procuring licenses (B) may not be feasible without management approval. Centralizing administration rights (D) is a preventive measure but does not address the current licensing issue.